Autonomous fraud interrogation by mobile device

ABSTRACT

A system, a method and a device for offline authentication of transactions using a mobile device, based on an analytic engine such as behavioral pattern detection, are provided. The behavioral pattern can be for a specific person, for a group of people with similar characteristics, or a combination of the two. The invention has the advantage over the prior art centralized authentication and fraud detection systems in that it is more precise in identifying and preventing fraud in real time. The precision is better for both customer and merchant frauds. The present invention also requires fewer investments in infrastructure and uses less communication traffic when compared to the prior art.

FIELD OF THE INVENTION

The present invention is directed to the use of mobile devices in offline transactions, and, more particularly, to a system, method and device for self-authentication of transactions.

DESCRIPTION OF THE RELATED ART

Mobile devices nowadays are in widespread use. The mobile devices of today have many uses other than plain conversation and messaging. One of the emerging fields of use for the mobile devices is for transactions such as purchasing an item.

The improved ability of mobile devices provides enhanced web capabilities (e.g. internet) and applications. The user interface has improved and thus created a platform for applications, innovative initiatives and new opportunities.

In the context of financial transactions, the mobile device can be used in many processes; payments made with it (m-payments) are one category of financial transactions implemented on the mobile platform, along with financial services (m-services) and trade (m-commerce).

It is customary to distinguish between several key procedures wherein a mobile device is involved in financial transactions:

Mobile payment—a fee, set by the transfer of money in exchange for a product or service, wherein the mobile device is involved in both the initiation and the approval of the payment. The payer can be present at the point of sale or “in movement” (“on the way”) and the infrastructure that supports the payment can change.

Payment can be processed by credit card or by Prepaid-wallet. (For example: money can be transferred and deducted from the amount paid in advance or can be collected by the MNO.)

Mobile order—the mobile device is used for initiating an order but is not used for payment. (For example: ordering food via the mobile device from a restaurant and paying with cash on delivery.)

Mobile delivery—the mobile device is used for delivery of goods or services but not used for payment, for example, an event entrance card issued and delivered to the mobile device.

Mobile authentication—the mobile device is used for authenticating the user details as part of the transaction or to allow access to information or other functionality. For example, a code is sent to the mobile device which the user should key in online to confirm the user's identity.

Mobile banking—access to bank functionality via mobile device, through the use of a browser or an application. For example: viewing account status and transaction history through the application. It should be noted that this process allows making a payment using the mobile device.

Mobile marketing—includes loyalty campaigns, advertising and coupons.

Technology for Mobile Payments

The technologies that allow payment by mobile devices can usually be divided into two categories:

1. Remote payments—the payer and the payment device are not present at the point of sale;
2. Proximity payments—the presence of the payer and the payment device are required at the point of sale.

Technologies that Enable Remote Payment:

Text messaging via SMS & USSD—SMS communications protocol allows broadcasting messages not only between the two mobile devices, but also between the mobile device and a computer, and therefore allows m-payments. The SMS communications protocol is inexpensive and relatively simple to use and is now the more accepted method of payment using mobile device, however, the user experience is not adequate. Mobile payments derived by SMS allow transfer of funds from listed accounts or e-wallet. USSD technology is a standard for transferring information over the GSM channels and is used primarily as a method for queries and information services and is associated with information in real time achieved by calling numbers that begin with “*” or “#”, and then a combination of numbers and asterisks and ending with “#”. There is no option to store and forward information, but the response time of USSD is better than SMS.

Interactive Voice Response (IVR)—Communication with a computer server via a telephone call over the cellular network, usually via dialogue menus by voice or phone keyboard input. This technology has limited user interface and user experience is not optimal.

Mobile internet—is typically used for web browsing via small mobile devices such as mobile phones.

Technologies that Require the Presence of Payer at the Point of Sale (Proximity):

NFC (Near Field Communication)—technology that allows devices to perform contactless transactions at short-term distance (approx. 4 cm or 1.5 inch in practice), access digital information and link electronically between devices. The NFC has a number of variations, e.g. NFC Stickers, microSD, integrated device.

QR Code (Quick Response Barcode)—matrix barcode that can be read by a reader of QR Code and by a mobile device with a camera. The encoded information can be text, URL or other form of data.

Card acceptance on a mobile device—external devices to the mobile device allowing receipt of payment and/or credit card information charging/payment application, such as Square or “PayPal Here”.

Mobile Payments (m-payments) ‘players’ point of view will now be described both from the supply side and the demand side.

Supply Side—Providers of Payments Service in Mobile:

Mobile network operators (MNOs)—MNOs have been striving to achieve a return on their investments in infrastructure during the last two decades, which resulted in part in an increased use of air time and data transfer usage. For them, the m-payments have the option to diversify the range of products and services that correspond to the client's needs and lifestyle.

Financial institutions (FIs)—FIs wanted to ‘stay in the game’ and maintain their status (e.g. profit) and relationship with the client even with the mobile payments environment as they do today in the physical payments environment, for example issuing “payment credentials”.

Manufacturers of mobile phones—(Original Equipment Manufacturers a.k.a. OEMs)—OEMs have the ability to decide which technologies to implement in the various devices and which uses to allow.

Success using the mobile phone as a payment method has the potential to influence towards significant sales increase of mobile phones to new customers as well as significant sales increase of mobile phones to customers upgrading existing devices to those enabling m-payments.

Trusted Service Managers (TSMs)—third party neutral intermediary or a service provider providing a single integration point for all the cellular operators (MNOs), for all the financial institutions (FIs), transit authorities and retailers who want to provide mobile payment applications, ticketing applications or loyalty applications for their clients, characterized in that the applications are using NFC technology in the mobile devices. They are owners or managers of the “Secure Element”.

Main functions of the TSM include, among other things, engagement with mobile network operator and applicative service providers, ensuring the protection and security from end to end which includes ensuring compliance with security requirements for software, hardware, cell phones, chips and applications, risk management of scams. They are also responsible for customer service and support in the context of Secure Element, which include customer alerts for loss, theft and reporting fraudulent transactions. Additional tasks include updating user interfaces, customer database management, life cycle management of applications, management services that are “value-added” as reloading tickets and more.

Technology providers—mobile payments (m-payments), like any other technology, are driven by new developments, and hold great opportunities for manufacturers and suppliers of technology and system integration. Among those the following can be included:

chip manufacturers producing the smart card's chips which can host the payment application or the secure element (SE);
SE Issuers—(secure element issuers) match the chip with the appropriate protection component;
service providers offering services for end users, such as authentication services, and the TSM allows the service provider to use the secure element.

Demand Side:

Merchants—for them m-payment at point of sale (POS) can lead to higher capacity (throughput) in checkout and the ability to expand the use of, utilize the mobile platform and send marketing messages in real time. Unmanned points of sale or remote points of sale can benefit from this form of payment by the reduction in costs. Also remote mobile payments are another channel with lower costs for merchants.

Consumers—from the perspective of the end consumer, the mobile device has become an integral part of his life, the consumer carries it everywhere and it achieved a status that can be described as “permanent share of pocket”, i.e. with wallet and keys, it is always with the consumer. Moreover, as the consumers' confidence rises, they feel more comfortable to exercise more than one function of the device, and it is slowly turning into a multimedia device with many applications.

NFC (Near Field Communication) Technology

NFC technology, designed to make a connection between different devices based on their physical proximity, simplifies the initiation of communication between devices, also making this a much more natural thing for a user, as part of the natural user interface (NUI) trend.

The technology began as a joint development of Sony and chip maker NXP back in 2002, and is based on RFID (Radio Frequency Identification) chips.

An RFID tag contains (identification) information which it transmits as a response to a radio signal received from a reader as such. The NFC technology differs from RFID in that it adds security and limits the communication range to 10-20 cm (approx. 4-8 inches) or less in reality, to ensure that only deliberate approximation of the tag to a scanner will share information. In addition, it allows using the tag for other needs, such as a workplace identification tag, payment card for public transportation and substitute means for payment at the store.

The areas of NFC use can be divided into three types of activities:

“Sharing”—transfer of information between two chips. One chip is a device with a power source and functions as a reader, while the other is a passive chip, with no power source, which is used as a tag containing information.

The active chip produces a limited field of radio waves, sufficient for the passive chip to send the information found on it, for example, Smart Poster.

“Transaction”—payment transactions. In this case communication is between an active device connected to the banking system and active or passive chip that contains customer information. In fact, this type of interaction is a substitute for cash and credit cards, because it allows the transfer of money between compatible devices, provided that one of them is pre-loaded with any amount, or a transaction brokered with the credit card company.

“Coupling”—occurs when both parties are active chips. In this case, two-way information transfer will occur between two devices using the Peer to Peer method, as in the Bluetooth technology.

Payment Card Fraud

Payment card fraud occurs when an element (e.g. person) creates financial or material gain by the use of payment means or payment means information to complete a transaction that is not approved by the legal account holder. Lack of approval of the account holder is an essential characteristic of this phenomenon. An approval system for payment card transactions sieves transactions to limit fraud. The system verifies the card, extracts the card's data and decides whether the transaction is subject to certain restrictions set by the issuer or merchant. It could be said that the system checks whether the transaction is in line with the known behavior of the card owner and if this is the case, then in most probability the transaction is being performed by the owner of the card.

In general terms, current systems for approval of payment card transactions use a statistical model (for example) for identification of fraudulent transactions. The efficiency of the statistical model is verified in hindsight. This is done by applying the statistical model to known transactions. If the statistical model alerts that 1000 transactions are suspected as fraud but only 10 transactions are actually fraudulent, then the fraud detection ratio of the statistical model is 1:100. If the statistical model alerts that 100 transactions are suspected as fraud but only 10 transactions are actually fraudulent, then the fraud detection ratio of the statistical model is 1:10. 1:100 is said to be a statistical model with lower fraud detection ratio than 1:10. The aim of the developers is to lower the amount of false alarms, without missing the detection of real fraudulent transactions.

However, since no statistical model is foolproof, in practice there is always a need to balance between two extremes: a model that will find almost every fraudulent transaction but with many errors (false positive) and a model that will not have many errors but will also miss real fraud (false negative).

In the current systems it is impossible to check every suspected transaction because it will create an enormous load on the resources of the computing system.

As a result, current systems compromise and do not check every transaction, even though some transactions can be fraudulent.

Transition to electronic payments allows a number of channels to collect payment card data: mobile readers keep cards data; readers imposed over ATM (Skimming); Video Cameras that can capture and copy PIN numbers; utilizing the Internet—sending millions of email messages so a few recipients will expose the credit card data and their accounts (phishing); hackers can infiltrate computer systems and steal data volume from where it is stored or transmitted (data breaches), etc.

It should be noted that payment card data can also be collected in the ‘traditional way’ as a result of the card being lost or stolen.

The ongoing struggle against fraud has driven its extent down. Among the factors that decreased the rate of fraud were the following:

-   Transition to EMV card with transactions at points of sale.
-   Use of Dual Factor Authentication and dynamic authentication (one-time passwords by token, SMS, software, etc.) for CNP (Card Not Present) transactions (mainly online).
-   PCI DSS—broad implementation of information security standards in the payment cards industry. The Payment Card Industry Data Security Standard is a common standard for credit companies since 2004.
-   Better intelligence of the credit card companies (network intelligence), risk evaluation, alerts to consumers in near real time.
-   Better sharing of fraud knowledge management by all parties in the industry.

The EMV Standard

EMV initials represent the names of the companies Europay, MasterCard and Visa, which were the original founders of the EMV standard.

The term EMV refers to specification of technical requirements for payment, usually payment cards type of Credit or Debit, in which microchips are embedded and is designed to combat fraud.

These cards require a code to initiate a transaction, and are safer. There are several types of payments using these cards, including Chip plus PIN (the most common) and Chip plus Choice (selection between signing and PIN as a cardholder identity verification). Those kinds of security measures are known as VISA's Dynamic passcode authentication (DPA), and MasterCard's Chip Authentication Protocol (CAP).

In remote transactions, where the card cannot be presented, a reader device is used. The customer enters a PIN. An application residing on the chip on the EMV card generates a one-time password (OTP), specific to the current transaction.

Since the card was swiped through the reader and a PIN was entered, this amounts to Dual Factor Authentication.

However, it should be noted that this security measure is applied to all CNP transactions. There is no enhanced scrutiny against a specific transaction suspected to be fraudulent.

PRIOR ART SYSTEM AND METHOD

An example of the system used nowadays is shown in FIG. 1. The system comprises:

the customer's credit card 60;
the point of sale (POS) 70 where the customer makes a payment using the credit card 60;
the clearing house 80;
the issuer 90 which issued the credit card 60.

FIG. 2 describes an exemplary method for approving a transaction using the system that was described in FIG. 1.

In step 510 the card 60 is used by the customer to initiate a transaction in the POS 70.

The transaction details are sent in step 520 from the POS 70 to the clearing house 80. The clearing house 80 routes, in step 530, the transaction to the card issuer 90. The issuer 90 generates in step 540 a response to the transaction. The response could be one of the following:

Approve—the transaction is approved.

Decline—the transaction is declined.

Kill—the credit card should be put out of use.

Referral—the merchant or the customer who owns the card should call the issuer (i.e. credit card company) 90.

The response is routed in step 550 from issuer 90 to the clearing house 80. In step 560 the clearing house 80 routes the response to the POS 70. At the POS 70, in step 570, the transaction is committed or declined according to the response.

It should be noted that in these prior art systems, small amount transactions are not always sent for approval. This is because the investment in infrastructure in order to verify small amount transactions would not be cost effective compared to the gain.

The prior art systems are based on a server in the issuer (e.g. bank) premises which does the fraud detection checks for millions or tens of millions of customers. This amounts to tens (or even more) of checks per second.

Therefore the amount of time per check should be less than a tenth of a second.

It also should be noted that it takes time for the communication to pass from the POS to server and for the confirmation or decline of the transaction to travel back from the server to the POS.

During the check, the server has to retrieve all the information needed for processing and perform a large amount of complex mathematical calculations.

In practice, these servers are very expensive. Therefore the issuer compromises on the quality of the statistical models and the quantity of the checks.

The result is that the level of coverage and accuracy are insufficient and there are many mistakes:

classifying legitimate transactions as fraudulent (false positive);
classifying fraudulent transactions as legitimate (false negative).

In practice, due to the low level of accuracy, transactions are rarely blocked.

US patent application, publication no. 2010/0327056, discloses a payment approval system and a method for approving a payment for credit cards. The method comprises obtaining fraud parameters by modeling a pattern of fraud usage and for self-authentication (offline approval). However, when self-authentication (offline approval) process estimates a possibility of fraud usage, online approval for more detailed statistical analysis processing is requested from a remote computer.

PCT publication no. WO/2006/012538 discloses methods and apparatus for transaction completion using a proximity integrated circuit payment device i.e. smartcard. The merchant system retrieves information from the smartcard and determines whether the transaction should be completed online or offline.

None of the current technologies and prior art, taken alone or in combination, addresses the issue of offline authorization, self-authentication and fraud detection of a transaction, e.g. there is no handling of the security aspects of the transaction without requesting the bank or the credit card company for approval. There is also no solution to the issue of using a statistical model with lower suspicious rate than current statistical models without blocking the transaction or the card.

SUMMARY OF THE INVENTION

In one embodiment of the present invention, there is provided a system, a method and a device for offline authentication of transactions using a mobile device, based on an analytic engine such as behavioral pattern detection.

The behavioral pattern can be for a specific person, for a group of people with similar characteristics, or a combination of the two.

The present invention has the advantage over the prior art centralized authentication and fraud detection systems in that it is more precise in identifying and preventing fraud in real time. The precision is better for both customer and merchant frauds. The present invention also requires fewer investments in infrastructure and uses less communication traffic when compared to the prior art.

These and other features of the invention will be more readily understood upon consideration of the attached drawings and of the following detailed description of those drawings and the presently-preferred and other embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an exemplary prior art payment system;

FIG. 2 is a flow chart of an exemplary method for transaction approval used with the prior art payment system;

FIG. 3 is an exemplary payment system in accordance with the present invention;

FIG. 4 is a flow chart of an exemplary method of secure purchase in accordance with the present invention;

FIG. 5 is an exemplary mobile payment device in accordance with the present invention;

FIG. 6 is an exemplary verification process in accordance with the present invention;

FIG. 7 is an exemplary validation process for a merchant in accordance with the present invention.

DETAILED DESCRIPTION

The following terminology will be used throughout the description:

ACH

Short for “Automated Clearing House”, a nationwide electronic network for financial transactions. The network clears credit and debit transactions. Rules and regulations for the network are set by NACHA and the Federal Reserve.

Acquirer, Merchant Acquirer

Either a bank, a processor or independent sales organization (ISO) handling the merchant's card acceptance. A processor or ISO will work with an acquiring bank, which is needed to officially accept payment on behalf of the merchant.

AML/ATF

Anti-Money Laundering/Anti-Terrorist Financing

Associations, also referred to as “Payment brands” or “Network”

In the world of credit and debit cards, this is a legacy term that referred to ownership of networks by groups of financial institutions. Today, the word is sometimes used to refer to companies such as MasterCard, Visa, American Express, Discover, STAR, NYCE and others which regulate card acceptance rules and interchange for their member financial institutions.

Authorization

The process by which an association or a network requests an approval from the issuer (e.g. bank), on behalf of the merchant. Once a transaction is authorized, the association sends the approval to the merchant acquirer, who passes it along to the merchant. Then the customer can complete the purchase.

Chargebacks

The refusal or reversal by the issuing bank of a transaction presented by the merchant acquirer. Chargebacks result when an issuer returns or charges back the purchase amount to the merchant.

Clearing

The process by which the merchant acquirer sends purchase information to the association or network, which in turn sends it along to the issuer (e.g. bank). The issuer then prepares the information for the customer's statement.

CNP

Card not present, transaction without the presence of the card, taking place over the mail or the phone or the internet (e-commerce).

Compliance

With respect to credit and debit cards, it refers to all the rules and regulations merchants must meet in order to have the right to accept electronic payments, adhering to formats such as the Payment Cardholder Industry Data Security Standard (PCI DSS).

Customer

Refers to, but is not limited to, the person who wishes to perform a transaction at a point of sale.

EFT Network

Short for “electronic-funds-transfer” network, a telecommunications and payments infrastructure that connects consumers, ATMs, merchants and banks. There are two types of transactions: those at ATMs and those from signature-debit cards at POS terminals.

EMV Standard

Europay MasterCard Visa, a global standard for cards, POS, and ATM terminals in relation to credit and debit card payments.

FI

Short for “Financial institution”. A financial institution acts as an agent that provides financial services for its clients or members. Financial institutions generally fall under financial regulation of a government authority. Common types of financial institutions include banks, building societies, credit unions, stock brokerages, asset management firms, and similar businesses. Financial institutions provide a service as intermediaries of the capital and debt markets. They are responsible for transferring funds from investors to companies in need of those funds.

Fraud Detection Ratio

The ratio between the number of alerts to actual fraud detection. The statistical model, used for alerting suspicious transactions, is verified in hindsight. This is done by applying the statistical model to known transactions and counting how many of the alerts are actually real frauds.

Issuer

A term used to define who issues the credit or debit card. The issuer bears the risk, essentially vouching for the creditworthiness of the customer after approving the customer's transaction.

Mandate

In payments, the “mandate” is the authorization required.

Merchant

Merchants function as professionals who deal with trade, dealing in commodities that they do not produce themselves, in order to produce profit.

MNO

Short for “Mobile Network Operator”. MNO is a company that provides service and has its own frequency allocation of the radio spectrum. It also has the entire infrastructure required to provide mobile telephone service.

Mobile Payment Device

A device used for mobile payment, which can be, but is not limited to, a cellular phone, also known as mobile phone, or a credit card as long as the device has memory, processor for executing a program and the ability for data communication. The data communication can be done for example, via cellular data communication (3G, 4G), Wi-Fi, Bluetooth, NFC or any combination thereof.

m-Payment, Mobile Payment

A payment where the mobile phone is involved in the initiation and/or confirmation of the payment. The payer may or may not be ‘mobile’ or ‘on the move’.

NFC

Near Field Communication (NFC) is a short-range high frequency wireless communication technology which enables the exchange of data between devices up to a ten or twenty centimeter (four or eight inches) distance in theory (less than that in practice). The technology is a simple extension of the ISO 14443 proximity-card standard that combines the interface of a smartcard and a reader into a single device.

Non-Cash Payments

Payments made with instruments other than notes and coins, i.e., using credit transfers, direct debits, credit or debit cards or checks.

PIN

Personal Identification Number.

PIN-Based Debit

A process where debit transactions are routed through EFT networks or Visa and MasterCard's online EFT networks, requiring a PIN. Electronic authorization of every transaction and the debits to a customer's checking account is reflected immediately. Also known as “online debit.”

POS

Short for “Point Of Sale”. The site where a customer makes payment via credit or debit cards. Generally terminals are at the cash register, the checkout counter in a retail shop, but mobile terminals at restaurants, theme parks, computer stores and other merchants are changing where transactions can be conducted.

Processor

A company that handles all or some of the functions of a credit or debit transaction, ranging from providing terminals to managing back-end settlement.

SE—Secure Element

Also known as Security Element. Physical place used for user authentication, authorization and stored credentials; it houses confidential information.

Settlement

Process by which the issuing bank sends payment to the association, which in turn sends it to the merchant acquirer. The acquirer then funds the merchant account.

In an exemplary embodiment of the present invention, a system, a method and a device for self-authentication (offline approval) of transactions using a mobile device, based on an analytic engine such as behavioral pattern detection, are provided. This is in contrast to current central authentication systems as known in the prior art.

In general terms, one of the steps in the method of the present invention is storing a profile of the customer on the customer's mobile payment device. This profile (e.g. behavioral pattern) stores, for example, the behavior of the customer and the personal details of the customer. For example, the profile is updated when the customer travels to another country, or when the personal status of the customer changes (i.e. marriage, children).

As is known to those skilled in the art, the associations or financial institutions (e.g. issuers) currently store a profile of the customer in order to approve the transactions. However, due to the large volume of transaction approval requests that should be processed in fractions of a second, especially at peak times, the best known models for fraud detection cannot be implemented. In order to implement the best known models and process the transaction in the desired time, many powerful processing units are needed, which would have resulted in an investment which is not cost effective.

Furthermore, even if those best models would have been implemented, they would still have produced large amounts of false positives (tagging and alerting legitimate transactions as fraudulent). Not only that, but these models would have missed fraudulent transactions as well (false negatives). It is obvious that missing fraudulent transactions, as well as handling false identification, creates a toll on the financial institutions.

For the reasons described hereinabove, a fraud detection ratio lower than 1:10 (1:11, etc.) is not dealt with by the issuers as fraud. Such a ratio means that there would be too many false positives relative to the number of frauds, thus creating a load on the issuer to check all those transactions, and also the possibility of troubling many customers who have done nothing wrong.

In the present invention however, since the fraud detection engine operates in the mobile payment device of the customer, it is now possible to put more stringent requirements, taking the risk of high levels of false positive alerts. This is made possible in the current invention since, in the case of alert, the customer can be prompted, for example, to enter a code or biometric data as a general rule or in case of doubt. All of this is being done offline, e.g. without accessing the associations or financial institutions, thus taking a load off them.
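The following added example (not part of the original specification) works through the fraud detection ratio defined in the related-art discussion and the 1:10 issuer cutoff and on-device prompt described above. The anomaly scores, the transaction history, the candidate thresholds and the assumption that the genuine customer passes the prompt while a fraudster fails it are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class Txn:
    score: int   # hypothetical anomaly score 0..100 from a behavioral model
    fraud: bool  # ground truth, known only in hindsight


def sample_history() -> list[Txn]:
    """Constructed data: 210 legitimate and 10 fraudulent transactions."""
    legit = [s for s in range(0, 60) for _ in range(3)] + list(range(60, 90))
    fraud = [95, 92, 90, 85, 80, 70, 65, 55, 45, 30]
    return [Txn(s, False) for s in legit] + [Txn(s, True) for s in fraud]


def evaluate(txns: Iterable[Txn], threshold: int) -> dict:
    """Apply the model in hindsight: alert on every score >= threshold."""
    txns = list(txns)
    alerts = [t for t in txns if t.score >= threshold]
    caught = sum(t.fraud for t in alerts)
    total_fraud = sum(t.fraud for t in txns)
    return {
        "alerts": len(alerts),
        "caught": caught,
        "false_positives": len(alerts) - caught,
        "false_negatives": total_fraud - caught,
    }


def alerts_per_fraud(result: dict) -> float:
    """N in the fraud detection ratio 1:N (alerts raised per real fraud)."""
    if result["caught"] == 0:
        return float("inf")
    return result["alerts"] / result["caught"]


def issuer_would_act(result: dict, worst_n: int = 10) -> bool:
    """Central issuer only handles alerts when the ratio is 1:10 or better."""
    return alerts_per_fraud(result) <= worst_n


def lowest_issuer_threshold(txns: Iterable[Txn],
                            candidates: Iterable[int]) -> Optional[int]:
    """Most sensitive candidate threshold the issuer could still operate at."""
    txns = list(txns)
    usable = [c for c in candidates if issuer_would_act(evaluate(txns, c))]
    return min(usable) if usable else None


def device_decision(score: int, threshold: int,
                    challenge: Callable[[], bool]) -> str:
    """Offline decision on the device; the prompt runs only on an alert."""
    if score < threshold:
        return "approve"
    # Assumption: a failed code/biometric prompt declines the transaction.
    return "approve-after-challenge" if challenge() else "decline"


def simulate_device(txns: Iterable[Txn], threshold: int) -> dict:
    """Replay history through the device with a stringent threshold."""
    out = {"approve": 0, "approve-after-challenge": 0,
           "decline": 0, "fraud_approved": 0}
    for t in txns:
        # Assumption: only the genuine customer can answer the prompt.
        decision = device_decision(t.score, threshold,
                                   lambda t=t: not t.fraud)
        out[decision] += 1
        if t.fraud and decision != "decline":
            out["fraud_approved"] += 1
    return out


if __name__ == "__main__":
    history = sample_history()
    for thr in (90, 80, 60, 40, 30):
        r = evaluate(history, thr)
        print(f"threshold {thr}: ratio 1:{alerts_per_fraud(r):.1f}, "
              f"missed {r['false_negatives']}, "
              f"issuer acts: {issuer_would_act(r)}")
    print("device at 30:", simulate_device(history, 30))
```

On this constructed history the issuer cannot go below a threshold of 60 without its ratio falling under 1:10, and so misses three frauds, while the device can run at 30 because each of its 130 alerts costs only a local prompt.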

Also, in the current invention there is no actual limit on the processing power, since the transaction authorization is performed on the personal mobile payment device of the customer. Instead of using a central server, processing is now distributed, and this amounts to more processing power in comparison to the prior art central server.

Since more processing power is now available, the customer's profile, which stores for example the behavioral pattern of the customer, can be more complex and accurate.

The current invention also has the advantage that it avoids sending data from the POS to the central server and receiving confirmation or decline, thus avoiding the communication time which is required by the prior art. The time spent by the current invention is the net time for calculating whether a transaction is fraudulent.

Another advantage of the invention over the prior art is that the customer's profile can be updated per change (incrementally) in real time, in contrast to the prior art where all the profiles of the customers are stored in a central location and, due to the large volume of data, updates are done once in a while for all the records.

As a result, the limitations of the prior art are overcome and the system is less prone to fraud abuse.

As will be described in greater detail hereinafter, in principle the mobile payment device will have the related software residing in a secure area and taking up relatively little space. This part of the software will rarely be updated. Contrary to that, the file containing the behavioral pattern will be updated frequently. This file is also relatively large and encrypted, its decryption being done by the software residing in a secure area.

Referring to FIG. 3, an exemplary payment system 100 will be described. The exemplary system 100 includes the following elements:

an issuer 10, which in an exemplary embodiment is the credit card company or a bank;
a server 20, which in an exemplary embodiment can be one server or a plurality of servers, residing at the issuer's premises or at a separate location;
a mobile payment device 30, which in an exemplary embodiment can be, but is not limited to, a mobile telephone device or a credit card;
a point of sale (POS) 40;
a clearing house 50.

It is to be understood that the elements of the system are connected to each other via standard communication lines, either wire line or wireless, as known in the art.

It should be understood that some elements are presented as separate elements for the sake of clarity only. In another exemplary embodiment, several elements from the group comprising the server, issuer and the clearing house could be grouped together to form one element.

Referring to FIG. 4, an exemplary method of secure purchase with self-authentication will now be described. In step 100, the issuer 10 sends the transactional data of the customer to the server 20. In step 110, the server 20 computes a unique behavioral pattern of the customer. The behavioral pattern is sent to the mobile payment device 30 in step 120.

When the customer wishes to perform a transaction, the customer's mobile payment device 30 receives from the point of sale 40 the transaction details in step 130. In an exemplary embodiment, the transaction details comprise the merchant ID, time of the transaction and the sum amount of the transaction.

In step 140 the mobile payment device 30 computes whether the transaction can receive authorization, based on the behavioral pattern received in the mobile payment device, described in step 120.

If the outcome of the computation in step 140 is negative, then the customer will be asked in step 150 to enter identification means. The mobile payment device 30 then verifies the identification means. If the verification fails, then the customer will not be able to perform the transaction.

Steps 140 and 150 will be referred to hereinafter as the verification process and will be further detailed later on.

However, if the transaction is authorized by the mobile payment device 30, either in step 140 or 150, then transaction data is sent in step 160 via the POS 40 to the clearing house 50.

In step 170 clearing house 50 sends the transaction data to the issuer 10.

Referring now to FIG. 5, the exemplary mobile payment device 30 in accordance with the present invention will now be described.

The exemplary mobile payment device 30 contains, among other elements, the following elements:

Location receiver 31 for calculation of the mobile payment device location using data received. The received data can be, and is not limited to, GPS (global positioning system) data received from orbiting satellites, position data received via base station e.g. TOA, triangulation, etc. or any combination thereof. Methods for locating the position of a mobile device are well known in the art and will not be discussed further here.

Validity token 32 stores a token based, in an exemplary embodiment, on a One Time Password (OTP), well known to those skilled in the art. The validity token is received from the server 20. It is replaced once every known period, which in an exemplary embodiment could extend from a few minutes to a few days, depending on the needed level of security, to verify that the mobile payment device is in order and is not blocked.

In an exemplary embodiment, if the mobile payment device was stolen then it is considered not in order. In another exemplary embodiment, the mobile payment device will be blocked if the user has reached the allowed limit for accumulated transactions (credit limit), i.e. not Open To Buy (OTB). Another exemplary option for blocking the mobile payment device is if the user has entered incorrect identification means such as, but not limited to, a wrong password. It will be understood by those skilled in the art that blocking the device due to a wrong password can be activated after a predefined number of false retries. Replacing the token can take place, for example, by SMS, WI-FI, voice communication or mobile data.

In the event that a valid validity token was not received in the mobile payment device, the payment software will be ‘locked’, i.e. not usable, a procedure well known in the art. In another exemplary embodiment, the entire functionality of the mobile payment device will be halted. For example, if the mobile payment device is a cellular phone, then it will not be able to make outgoing calls.

In another exemplary embodiment, it is possible to take immediate action for disabling the mobile payment device, without waiting for the token to expire. For example, if a transaction has exceeded the allowed limit, the mobile payment device can be instructed, by a remote command, to ‘lock’ the payment software. Another option is to initiate the ‘locking’ of the payment software by the customer and/or service representative, for example, in the case that the mobile payment device was stolen.

Behavioral pattern 33 is, for example, an encrypted file or files or any other collection of data, received from the server 20. The file (or files) describes the behavior profile of the customer and similar customers. In an exemplary embodiment, the file can also describe the behavior profile of fraudulent persons or specific customer encrypted rules. This file does not necessarily need to reside in a secure area, as opposed to the model 34, because it is relatively large when compared to the model, and because it is encrypted. It can reside, for example, in the memory of the mobile payment device. The behavioral pattern is unique for every customer. In an exemplary embodiment, however, one mobile payment device can support two or more files representing different behavioral patterns of different users or customers. In another exemplary embodiment, one mobile payment device can support two or more files representing different behavioral patterns of different cards from different issuers related to the same customer.

Model 34 is a software element implementing one or more algorithms.

In an exemplary embodiment, the algorithm can be the logistic model. As known to those skilled in the art, this model bases its predictions on the deviation from the regular behavior of the customer.

In another exemplary embodiment, the algorithm can be the rule based engine known in the art, related to the specific customer encrypted rules that were sent to element 33 from the server 20.

In yet another exemplary embodiment, the algorithm can be a data mining function implemented in the form of a decision tree or neural network engine as is known in the art.

The model resides inside a protected area, which is secure and not accessible for users after the initial installation. In an exemplary embodiment, the protected area can be located in a secure area inside the SIM card of the mobile device, as implemented for example by Google's Android operating system. In another exemplary embodiment, the protected area can be located in the memory of the device as implemented for example by Apple's iOS operating system.

The model 34 uses the data or rules that were stored with element 33 for rejecting or approving the transaction. This is done by decrypting the encrypted behavioral pattern file or data or rules, and, when a transaction takes place, calculating the probability for fraud based on the behavioral pattern or data or rules and the transaction details. In another exemplary embodiment, the outcome of the calculation by the model can be a request for a higher level of security, implemented for example by requesting the customer to enter one or more codes, in different lengths, as defined by the requested security level.

The application 35 also resides in the protected area. As will be readily understood by those skilled in the art, the application communicates with the other elements of the mobile payment device and executes the different algorithms which are part of the various methods of the current invention.

Referring now to FIG. 6, an exemplary verification process (steps 140 and 150 in FIG. 2) in accordance with the present invention will be described.

In step 405 the mobile payment device and the POS initiate communication. The communication is short ranged in order to achieve security and avoid eavesdropping. Examples of short range communication include, among others, NFC and Bluetooth, as is well known to those skilled in the art. The mobile payment device identifies itself to the POS either by key exchange or by a standard protocol as defined in the NFC specifications.

In step 410 the POS 40 validates the validity token 32. This step is optional, since as described hereinabove, the functionality of the mobile payment device will halt in the case that a valid token does not exist.

In step 420 the transaction details are transferred to the mobile payment device 30 from the POS. In an exemplary embodiment the transaction details comprise merchant ID, time of the transaction and the sum amount of the transaction.

In step 430 the model 34, based on the behavioral pattern 33, approves or denies the transaction.

If the model in step 430 denied the transaction, then the customer will be asked in step 440 to enter identification means. The identification means can be, and is not limited to, a password, a biometric characteristic of the customer, or a combination thereof. The mobile payment device 30 then verifies the identification means. If the verification fails, then the customer will not be able to perform the transaction. An update on the failure is sent to server 20 and from the server to the issuer 10. The issuer can consider blocking (i.e. locking) the customer from further use of the payment software as was previously described.

If, however, the customer was successful in the verification of step 440, the server 20 will be updated with the transaction details and also with location data, so the server can update the profile of the customer.
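The on-device part of this verification process (token check, logistic scoring against the behavioral pattern, query, lock after repeated failures) can be sketched as follows. This is an added example, not code from the patent: the profile fields, weights, threshold, retry limit and all class and function names are assumptions, and the constructed profile stands in for the already decrypted behavioral pattern 33.

```python
import hmac
import math
from dataclasses import dataclass, field

# Constructed behavioral pattern (element 33) after decryption. The feature
# set and weights are illustrative assumptions, not fitted values.
PROFILE = {
    "known_merchants": {"M-1001", "M-2040"},
    "usual_hours": range(8, 22),
    "log_amount_mean": math.log(40.0),
    "log_amount_std": 0.6,
    "weights": {"bias": -4.0, "new_merchant": 2.0, "odd_hour": 1.5, "amount_z": 1.2},
}
THRESHOLD = 0.10   # deliberately strict: a false positive only costs a prompt
MAX_RETRIES = 3    # assumed "predefined number of false retries"


def fraud_probability(profile, merchant_id, hour, amount):
    """Logistic score of the transaction's deviation from regular behavior."""
    w = profile["weights"]
    z = (math.log(amount) - profile["log_amount_mean"]) / profile["log_amount_std"]
    x = (w["bias"]
         + w["new_merchant"] * (merchant_id not in profile["known_merchants"])
         + w["odd_hour"] * (hour not in profile["usual_hours"])
         + w["amount_z"] * max(z, 0.0))   # only unusually large amounts add risk
    return 1.0 / (1.0 + math.exp(-x))


@dataclass
class PaymentDevice:
    profile: dict
    pin: str               # a real device would keep only a verifier, in the protected area
    token_expiry: float    # validity token 32, as an expiry time in epoch seconds
    locked: bool = False
    failed: int = 0
    log: list = field(default_factory=list)   # transaction record (element 36)

    def authorize(self, merchant_id, hour, amount, now, ask_pin):
        """Steps 410-440, entirely offline. ask_pin is called only on a model denial."""
        if self.locked or now >= self.token_expiry:
            return "locked"                    # no valid token: payment software unusable
        if fraud_probability(self.profile, merchant_id, hour, amount) < THRESHOLD:
            result = "approved"                # step 430 approves
        elif hmac.compare_digest(ask_pin().encode(), self.pin.encode()):
            self.failed = 0
            result = "approved_after_query"    # step 440 succeeds
        else:
            self.failed += 1
            self.locked = self.failed >= MAX_RETRIES
            return "denied"
        self.log.append((merchant_id, hour, amount))
        return result
```

With the strict threshold, a purchase of 120 at a known merchant during usual hours already triggers the query, which is the trade-off the description accepts: more false positives, each resolved locally by the customer.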

In an exemplary embodiment, the system can be used to track merchant fraud in addition to customer fraud that was described hereinabove. If, for example, there is suspicion that a certain transaction was not carried out by the customer, the mobile payment device could be interrogated for approving or denying that this transaction ever took place. It is to be understood by those skilled in the art that this embodiment requires the mobile payment device to keep track of the customer's transactions, as can be seen in element 36 of the mobile payment device 30 in FIG. 5.

FIG. 7 describes in more detail an exemplary method for merchant verification.

In step 610 the issuer 10 receives transaction data from the merchant. In order to verify that the transaction indeed took place, in step 620 the issuer 10 sends to the server 20 a request for transaction validation. In step 630 the server 20 sends a request to the mobile payment device 30 for the transaction details. The mobile payment device, in turn, sends the requested transaction details or a response that the details are not available, to the server 20. The server 20 validates the transaction and the merchant in step 650 if the transaction details are available and then sends the results of validation to the issuer 10.

While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The invention should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the invention.

1-28. (canceled)
29. A non-transitory computer readable medium storing instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising: accessing, on a mobile payment device, transaction data associated with a requested financial transaction; autonomously accessing, in the mobile payment device and without resort to information remotely stored, data associated with past conduct of a user of the mobile payment device; autonomously comparing, in the mobile payment device, and without resort to information remotely stored, the transaction data with the past conduct data; autonomously determining, in the mobile payment device based on the comparing, whether to present a query to the user before proceeding with the requested financial transaction; autonomously presenting the query to the user before proceeding with the requested financial transaction; and autonomously determining, in the mobile payment device, and without resort to information remotely stored, whether to permit the requested financial transaction to proceed based on a response to the query by the user.
30. The non-transitory computer readable medium of claim 29, wherein autonomously accessing data associated with past conduct includes accessing a behavioral profile previously transmitted to the mobile payment device from a remote server.
31. The non-transitory computer readable medium of claim 29, wherein the query prompts the user to input information uniquely held by the user.
32. The non-transitory computer readable medium of claim 29, wherein the query prompts the user to input biometric information.
33. The non-transitory computer readable medium of claim 29, wherein the operations further comprise, if the response to the query by the user is incorrect, denying the requested financial transaction.
34. The non-transitory computer readable medium of claim 33, wherein the operations further comprise communicating to a point of sale terminal that the requested financial transaction is not authorized.
35. The non-transitory computer readable medium of claim 29, wherein the past conduct data is reflected in a behavioral profile, which is stored on the mobile payment device.
36. The non-transitory computer readable medium of claim 35, wherein the behavioral profile comprises past conduct data associated with a plurality of individuals other than the user.
37. The non-transitory computer readable medium of claim 35, wherein the behavioral profile comprises data associated with fraudulent activity.
38. The non-transitory computer readable medium of claim 29, wherein the past conduct data is reflected in a plurality of behavioral profiles, which are stored on the mobile payment device.
39. A computer-implemented method for autonomous fraud interrogation by a mobile payment device comprising: accessing, on the mobile payment device, transaction data associated with a requested financial transaction; autonomously accessing, in the mobile payment device and without resort to information remotely stored, data associated with past conduct of a user of the mobile payment device; autonomously comparing, in the mobile payment device, and without resort to information remotely stored, the transaction data with the past conduct data; autonomously determining, in the mobile payment device based on the comparing, whether to present a query to the user before proceeding with the requested financial transaction; autonomously presenting the query to the user before proceeding with the requested financial transaction; and autonomously determining, in the mobile payment device, and without resort to information remotely stored, whether to permit the requested financial transaction to proceed based on a response to the query by the user.
40. The computer-implemented method of claim 39, wherein autonomously accessing data associated with past conduct includes accessing a behavioral profile previously transmitted to the mobile payment device from a remote server.
41. The computer-implemented method of claim 39, wherein the query prompts the user to input information uniquely held by the user.
42. The computer-implemented method of claim 39, wherein the query prompts the user to input biometric information.
43. The computer-implemented method of claim 39, further comprising, if the response to the query by the user is incorrect, denying the requested financial transaction.
44. The computer-implemented method of claim 43, further comprising communicating to a point of sale terminal that the requested financial transaction is not authorized.
45. The computer-implemented method of claim 39, wherein the past conduct data is reflected in a behavioral profile, which is stored on the mobile payment device.
46. The computer-implemented method of claim 45, wherein the behavioral profile comprises past conduct data associated with a plurality of individuals other than the user.
47. The computer-implemented method of claim 45, wherein the behavioral profile comprises data associated with fraudulent activity.
48. The computer-implemented method of claim 39, wherein the past conduct data is reflected in a plurality of behavioral profiles, which are stored on the mobile payment device.